The Resource Access Control Facility (RACF®) customization jobs create an SSL keyring owned by the WebSphere® Application Server for z/OS® administrator. This SSL keyring contains the digital certificate needed to communicate with WebSphere Application Server. Other MVS user IDs that need to administer WebSphere Application Server for z/OS require additional customization.
Before you begin
The Resource Access Control Facility (RACF) customization jobs create an SSL keyring owned by the WebSphere Application Server for z/OS administrator containing the digital certificate needed to communicate with WebSphere Application Server. However, additional customization is required for administration by other MVS user IDs.
Note that the MVS user ID in the description below is the MVS user ID under which the wsadmin process is running, not the user ID specified in the wsadmin request.
About this task
In the example below:
- yyyyy is the user ID of the new WebSphere Application Server for z/OS administrator.
- xxxxx is the name of the keyring that is specified in soap.client.props in the profile_root/properties directory.
- zzzzz is the label name used in the BBOSBRAK jobs to specify which certificate authority certificate was used to generate server keys.
Procedure
- If the new administrator is not a member of the WebSphere Application Server for z/OS administrative group, make sure that the new user ID has access to the appropriate RACF keyrings and digital certificates. For example:
PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) ID(yyyyy) ACC(READ)
PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(yyyyy) ACC(READ)
- Use the setup completed by the customization jobs as a model for the additional steps. This information is in the BBOCBRAK member of the <HLQ>.DATA data set generated during the customization process.
The BBOCBRAK job contains the set of RACF commands that were used:
/* Generating SSL keyrings for WebSphere administrator */
RACDCERT ADDRING(xxxxx) ID(yyyyy)
/* Connect WebSphere Application Server CA Certificates to Servers keyring */
RACDCERT ID(yyyyy) CONNECT(RING(xxxxx) LABEL('zzzzz') CERTAUTH)
SETROPTS RACLIST(FACILITY) REFRESH
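The two procedure steps combined into one batch TSO job, with two listing commands appended so that the resulting access list and keyring contents can be checked in the job output. This is an added example, not the BBOCBRAK member or any other IBM-supplied job. The job card, the step name and the choice to run the commands under IKJEFT01 are assumptions, and yyyyy, xxxxx and zzzzz are the placeholders defined under "About this task".

```jcl
//ADMRING  JOB (ACCT),'WAS ADMIN KEYRING',CLASS=A,MSGCLASS=X
//*
//* Added example. Job card values are assumptions for illustration.
//* Replace yyyyy, xxxxx and zzzzz before submitting. The keyring
//* name and the certificate label are case-sensitive.
//*
//* Commands in SYSTSIN, in order:
//*  1-2  PERMIT: READ access to the FACILITY profiles that let
//*       yyyyy list its own certificates and keyrings
//*  3    RACDCERT ADDRING: create keyring xxxxx owned by yyyyy
//*  4    RACDCERT CONNECT: attach the CA certificate labelled
//*       zzzzz to that keyring
//*  5    SETROPTS: refresh the in-storage FACILITY profiles
//*  6    RLIST: show the access list so READ for yyyyy is visible
//*  7    RACDCERT LISTRING: show the ring; expect label zzzzz
//*       with certificate owner CERTAUTH
//*
//TSOBATCH EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) ID(yyyyy) ACC(READ)
  PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(yyyyy) ACC(READ)
  RACDCERT ADDRING(xxxxx) ID(yyyyy)
  RACDCERT ID(yyyyy) CONNECT(RING(xxxxx) LABEL('zzzzz') CERTAUTH)
  SETROPTS RACLIST(FACILITY) REFRESH
  RLIST FACILITY IRR.DIGTCERT.LISTRING AUTHUSER
  RACDCERT ID(yyyyy) LISTRING(xxxxx)
/*
```

READ on these two profiles covers only the user's own certificates and keyrings, which matches the page's setup because the keyring is created under yyyyy itself.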